EXPLORE
Sign In
← Back to Explore
T1529

System Shutdown/Reboot

Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via [Network Device CLI](https://attack.mitre.org/techniques/T1059/008) (e.g. <code>reload</code>).(Citation: Microsoft Shutdown Oct 2017)(Citation: alert_TA18_106A) They may...

ESXiLinuxmacOSNetwork DevicesWindows
18
Detections
3
Sources
4
Threat Actors

BY SOURCE

8sigma8splunk_escu2elastic

PROCEDURES (12)

Process Creation Monitoring4 detections

Auto-extracted: 4 detections for process creation monitoring

Bypass2 detections

Auto-extracted: 2 detections for bypass

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Persist2 detections

Auto-extracted: 2 detections for persist

Remote1 detections

Auto-extracted: 1 detections for remote

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Azure1 detections

Auto-extracted: 1 detections for azure

Service1 detections

Auto-extracted: 1 detections for service

Azure1 detections

Auto-extracted: 1 detections for azure

Service1 detections

Auto-extracted: 1 detections for service

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

THREAT ACTORS (4)

APT37APT38Lazarus GroupMedusa Group

DETECTIONS (18)

Azure Kubernetes Services (AKS) Kubernetes Pods Deleted
elasticmedium
Azure Resource Group Deleted
elasticmedium
Cisco Denial of Service
sigmamedium
ESXi Bulk VM Termination
splunk_escu
ESXi VM Kill Via ESXCLI
sigmamedium
Linux Magic SysRq Key Abuse
splunk_escu
Linux System Reboot Via System Request Key
splunk_escu
Microsoft Intune Manual Device Management
splunk_escu
Potential Abuse of Linux Magic System Request Key
sigmamedium
Silence.EDA Detection
sigmacritical
Suspicious Execution of Shutdown
sigmamedium
Suspicious Execution of Shutdown to Log Out
sigmamedium
System Shutdown/Reboot - Linux
sigmainformational
System Shutdown/Reboot - MacOs
sigmainformational
Windows Common Abused Cmd Shell Risk Behavior
splunk_escu
Windows System LogOff Commandline
splunk_escu
Windows System Reboot CommandLine
splunk_escu
Windows System Shutdown CommandLine
splunk_escu